Analysis
- max time kernel: 50s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 24-11-2022 05:42
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe
Resource: win7-20220812-en
General
- Target: SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe
- Size: 698KB
- MD5: 384c1108356687200fa75e23c9880279
- SHA1: 6b9eb66cedd25665627c095b40d41913447ca60b
- SHA256: 7c470477c32979be016bffc98f861acc089861a6a2ba015aed73d769774370bf
- SHA512: 954821f87770e3013f3c1e35cbd33772c806dc255be206c300314bf659cb41232e82303dfee325165891263796c82ce28eb172e27b405ee77f68412cd1225446
- SSDEEP: 12288:SJRgh/PsZ1DX/VDJtmZo6+qLCON4WI1GtpRZF/R1Y3U7t7E:sRgh/Pomxzmc4XAFc7
Malware Config
Extracted
formbook
m5oe
HdR8hG6r12hBYuHY4zv6YeeFPQ==
tD1V9gswYvgQXEGd
1xKtJ1LdqRYMRMC84U1A
MbhjiWb7Lz8z7KIWl3UyUIJwA6Tb
joVB5Xggy2RtE+odsZg=
TrduAIay6Y3SvoIK20xI
pSna7LOsXXwXT/zz3Iow4g==
QnthmO4Qst5gC3sDoA==
eAirzOOgO7SOCenz3Iow4g==
xg0uSbfLTg==
YWQXwyGRzPEHzGrDFE8CBSE=
ujLnfuXoH9dbgHIK20xI
291v0XsGFrYQXEGd
MRvTd/qMuaHpjCM=
X131fLC6VWX4MsvCb2IPjIfq8wlksWfg
Y9Bur8DbgqFt/Yni86MMCCE=
q6RTBmJkmy5pWTmmCCrvmuCDPw==
mQS26DojT+EQXEGd
sjHQ+Kav2Wx9FeodsZg=
JA24UKnTA5re1LhcQaVo/w==
+nMYDuKNduLsjSE=
0Y9DVy/Tc9l+yjQ=
y7lwdkvTChreCREDpQ==
Ii3WdB9OaKHpjCM=
CMWQ4A8JKbwoNFp9nu7t6g==
gbV4IoyzQljj18uoLgjx6g==
6K5hYUwJtU5ySf92shofvBfYrldksWfg
HShGoi6WeQZh
+XRHCtltpLisZhq8oQP3tsIn
H92Mnqi1WFbtCREDpQ==
ScNmhoycwTWCnCciRLFr/A92fk4lLrXv
/mcDDzqp2eN+iqKcQzk8IFpI47Z1oDSkYg==
4Zw22mgivXjUVwsKrQ==
H6BuCCqWeQZh
AXgnNxLA5SJB/+odsZg=
ewIhwqy9EmQJYg==
r2QP0TaWeQZh
wH0tLEHAY/MrFNYtfK1ScJWi7cI=
CC3fiO5tJLm2VNIwxwNPYSP0u4nR
Fx7Zhw2aS6HpjCM=
IJxWlqZEdZpwDuodsZg=
yUjv9d2BuOS0KOodsZg=
3p9Rc2X7ORpG8LMaPbR8DkBwu0YHcGeudQ==
1HEaIfD3b79KiDEL3Iow4g==
wWMAE/eTvqHpjCM=
vLlwIqnDnTWyCREDpQ==
5Zw354BpX25V+MYFrJI=
bqtnHoun2nf7CREDpQ==
rWETGOZxl6iRGP8fuokZ/GMv
sn1e9rsTPWA=
nN+z3PKiu6HpjCM=
qifMPKbZgoXSZjD1FJA=
wJAvzTSWeQZh
XYVBzCOsTvAQXEGd
tCi/4MTHdZ9v9pT5FGwZ/GMv
uWdW5jhhSjC67o2V
IejMbKK5EmQJYg==
2ptC9k/Nex0+/uodsZg=
69+iVeaYNOokmEsorQ==
f4MkxCEdWBSt5WJD5cLF7EoRn8M=
d7dR4opPbeIZwWovuA==
4alR50ZbhAxOJfHUaVhA
g403rfwQH7w9ZvHron4xbLDfMg==
m9aSQLs51jmh18uoLgjx6g==
singglostudio.com
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  PID 1748 (SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe) set thread context of PID 1316 (SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe)
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes:
  PID 1316 (SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe)
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  PID 1748 (SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe) wrote to memory of PID 1316 (SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe), recorded 7 times
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe (level 2)
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15485.10619.exe"
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1316-64-0x00000000004012B0-mapping.dmp
- memory/1316-60-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/1316-61-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/1316-63-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/1316-66-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/1316-67-0x0000000000401000-0x000000000042F000-memory.dmp (184KB)
- memory/1316-68-0x00000000009A0000-0x0000000000CA3000-memory.dmp (3.0MB)
- memory/1748-55-0x0000000076091000-0x0000000076093000-memory.dmp (8KB)
- memory/1748-56-0x0000000001E50000-0x0000000001E68000-memory.dmp (96KB)
- memory/1748-57-0x00000000005A0000-0x00000000005AC000-memory.dmp (48KB)
- memory/1748-58-0x0000000004F60000-0x0000000004FD0000-memory.dmp (448KB)
- memory/1748-59-0x0000000004E10000-0x0000000004E44000-memory.dmp (208KB)
- memory/1748-54-0x00000000001F0000-0x00000000002A4000-memory.dmp (720KB)